Apple blocks ad-injecting Mac trojan, Yontoo

Don't lift a finger: Yontoo has been added to OS X's built-in protections.

A day after Russian anti-virus firm Doctor Web highlighted an adware Mac trojan called "Yontoo," Apple has moved to block it. Confirmed by Intego, Apple has updated the definitions included in OS X's Xprotect.plist in order to detect the adware, meaning users don't need to run anything special in order to be protected.

"In testing, it appears this detection is very specific and potentially location-dependent," wrote Intego. "This extra specificity is likely there so as to catch only the surreptitious installations of this file."

As we wrote on Thursday, the Yontoo adware socially engineers users into installing it as a browser plugin. Once it's installed into Safari, Firefox, and Chrome, the plugin injects advertising into the websites you're visiting—including those that don't even normally show ads.

The plugin poses a risk not just because it's annoying to see third-party ads where they don't belong, but because those behind the trojan could inject other malicious code. (The same trojan exists for PC users as well.) But now that Apple has added Yontoo to the built-in malware protections in OS X, it's a lot less likely that Mac users will end up accidentally installing it.